- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Linux syslog server taking time to update
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2013 10:36 PM
тАО07-02-2013 10:36 PM
Hi ,
We have RHEL 5.6 linux syslog server.
Which we hav confgred as to use syslog server .
But when 1 client is cnfgred its getting updated immediately , whereas when i add 2nd client it takes almost 5 min for the entry to be updated in linux box.
Solved! Go to Solution.
- Tags:
- syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2013 12:03 AM
тАО07-03-2013 12:03 AM
Re: Linux syslog server taking time to update
What HP-UX versions are your two clients?
Are they equally busy?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2013 12:29 AM
тАО07-03-2013 12:29 AM
Re: Linux syslog server taking time to update
Hi ,
They are all hpux 11iv2
Not much busy , cpu wise all fine .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-13-2013 08:31 AM
тАО07-13-2013 08:31 AM
Re: Linux syslog server taking time to update
Waiting for any solution/suggestion.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-13-2013 02:48 PM
тАО07-13-2013 02:48 PM
SolutionThere are three possibilities:
- the 2nd client sends the log message to the syslog server immediately, but the syslog server takes a while to actually write it to the log file
- the 2nd client takes a while to send the message, but when it finally does that, the syslog server writes the message to the log as soon as it gets it.
- both the 2nd client and the syslog server are delaying the message for some reason.
You should use tcpdump or similar to verify that the message is not delayed at the 2nd client.
When you add the 2nd client, do you use the hostname or the IP address of the syslog server in the configuration?
If you use the hostname, are you sure the system can always rapidly resolve the hostname of the syslog server into an IP address? (The delay of several minutes while the system is not busy sounds like it might be a repeated DNS lookup failure.)
In general, if you use hostnames in syslog configuration, it would probably be a good idea to list the IP addresses corresponding to those hostnames in /etc/hosts, so your logging won't fail if you have problems with your DNS.
The syslog server might also be trying to look up the source IP address of the received log message, in order to replace it with the hostname of the server that sent the log message. (Since the syslog network protocol is not encrypted or authenticated at all, the message might be spoofed: therefore, it's better for the syslog server to check the source hostname based on the source IP address of the message, rather than blindly trust that the client identifies itself correctly.)
If your DNS has problems with reverse lookups, this might cause delays at the syslog server. In this case, you might add the IP address and hostname of the 2nd client to /etc/hosts at the syslog server too.
- Tags:
- DNS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-16-2013 11:23 PM
тАО07-16-2013 11:23 PM
Re: Linux syslog server taking time to update
Thanks Matti ur gr8888 :)